Securities and Exchange Commission
Office of Inspector General

During the second half of fiscal year 2006, the Office of Inspector
General assisted the Commission in its efforts to:

    - Improve information technology security,
    - Implement appropriate controls to prevent conflicts of
      interest in procurements,
    - Enhance the integrity of the Commission and its staff by
      investigating allegations of misconduct,
    - Improve the preliminary review process for disclosure
      filings,
    - Develop a plan to ensure continuity of operations after a
      contingency (e.g., a natural or man-made disaster),
    - Strengthen procedures for oversight of a large
      information technology contract,
    - Improve the timeliness of the processing of exemptive
      applications,
    - Enhance the oversight of the Public Company
      Accounting Oversight Board,
    - Assure adequate security over official personnel files,
      and
    - Appropriately screen candidates in the law student
      observer program.


Executive Summary

During this period (April 1, 2006 to September 30, 2006), the Office of Inspector General
(Office) issued five audit reports, one inspection report, two special projects, and one
investigative memorandum on management issues, and completed one survey.

These evaluations focused on preliminary reviews of disclosure filings; conflict of interest
controls in procurement; the Commission’s information technology contract with
DynCorp/CSC; exemptive application processing; oversight of the Public Company
Accounting Oversight Board; continuity of operations planning; personnel files; the law
student observer program; the annual evaluation under the Federal Information Security
Management Act; and a Privacy Act
questionnaire. This work is described in more detail in
the Audit Program section below.

Five investigations were closed during the period. One subject was referred to the
Department of Justice, which declined prosecution. Three subjects were referred to
Commission management. One of these subjects, a contract employee, was removed from the
contract. One subject referred during the prior semiannual period was suspended for four
days; another subject referred during the prior period was counseled and required to attend
facilitation. Six subjects referred during this period and prior semi-annual periods are
awaiting disposition. The Investigative Program section below describes the significant
cases closed during the period.

Our Office previously reported information technology (IT) management as a significant
problem. During this period, the Commission further improved its IT management,
especially IT security. We no longer consider IT security to be a significant weakness. We
intend to maintain our audit focus in this important area.

An audit completed in a prior period found that Commission financial management controls
for fiscal year 2002 were effective in all material respects except for controls over property
accountability, accounting and control of disgorgements, information system and security
program controls, and the Disgorgement and Penalties Tracking System. We reported these
exceptions, taken together, as a significant problem.

The Government Accountability Office (GAO) identified similar weaknesses in its audits of
the Commission’s fiscal years 2004 and 2005 financial statements (except for property
accountability - the value of the property account balance was below the materiality
threshold).
During its ongoing audit of the Commission’s fiscal year 2006 financial
statements, the GAO indicated that it no longer considers IT security to be a material
weakness.

No management decisions were revised during the period. The Office of Inspector General
agrees with all significant management decisions regarding audit recommendations.

SEC OIG SEMI-ANNUAL REPORT                                OCTOBER 31, 2006


Audit Program

During this period, the Office issued five audit reports, one inspection report, two special
projects, and one investigative memorandum on management issues. The Office also
completed a survey.

These evaluations are summarized below. Management generally concurred with our
recommendations, and in many cases took corrective actions during the evaluations. A list
of pending evaluations follows the summaries.


PRELIMINARY REVIEW OF DISCLOSURE FILINGS (NO. 401)

We reviewed the Division of Corporation Finance’s preliminary review process for
disclosure filings. We found that the Division has made several enhancements to the
process. Further enhancements are planned, including additional focus on the quality of
the filing company.

We made several recommendations to improve preliminary reviews, including enhancing
consideration of company risk factors, maintaining surveillance of large companies, and
continuing efforts to manage workloads better.


CONFLICT OF INTEREST CONTROLS IN PROCUREMENT (NO. 404)

We reviewed the controls used by the Commission to prevent and detect conflicts of interest
during the procurement process.
The audit was begun after an investigation by our office
disclosed that an employee participated in a procurement while holding a disqualifying
financial interest in a firm involved in the procurement.

We found that the conflict of interest controls were functioning, but that they could be
improved. We recommended that the relevant regulation be updated to reflect current
practices and to help ensure that required documentation is maintained. We also
recommended that the Office of Administrative Services take steps to enhance related
training and record-keeping.


SURVEY OF DYNCORP CONTRACT (NO. 407)

An OIG contractor performed a survey of a large Commission IT contract with
DynCorp/CSC. The primary purpose of the survey was to identify areas for future detailed
audit work.

At the end of the survey, we briefed the Office of Information Technology (OIT) on our
results and made several preliminary suggestions to enhance contract oversight. The OIG
contractor has started a detailed review of several areas identified during the survey.


IM EXEMPTIVE APPLICATION PROCESSING (NO. 408)

We reviewed the exemptive application process in the Division of Investment Management.
Under the Investment Company Act of 1940, the Commission is authorized to grant
exemptions from the Act’s provisions when the exemption is in the public interest.

We found that the timeliness of the application process could be improved. Our
recommendations included issuing exemptive rules, filing applications electronically, and
restricting or eliminating the review of draft exemptive applications.
We also
recommended the return of poorly prepared applications, developing standard follow-up
procedures, improving performance measures, and revising the applications database.


OVERSIGHT OF PCAOB (NO. 412)

Under the Sarbanes-Oxley Act of 2002, the Commission has oversight of the Public
Company Accounting Oversight Board (which was created by the Act). Our review of the
Commission’s oversight identified several possible improvements.

Among other steps, we recommended that the Commission have the Board seek reports
from its external auditor on its internal controls and compliance with laws and regulations;
enhance oversight of the Board’s human capital and disaster contingency plans; develop
policies and procedures for certain Commission oversight responsibilities under the Act;
and consider possible delegations of authority within the Commission regarding the Board.


CONTINUITY OF OPERATIONS PLANNING (NO. 413)

We reviewed the Commission’s preparations for responding to contingencies that could
affect the Commission’s operations or securities markets (such as natural or man-made
disasters). During the audit, Commission staff updated the draft Continuity of Operations
(COOP) Plan and worked on several continuity-related initiatives.

We made several recommendations to assist the Commission’s contingency planning,
including designating a permanent COOP coordinator, ensuring adequate COOP staffing,
making enhancements to the Market Watch rooms, testing backup generators, backing-up
vital records, and training Commission essential staff.


PERSONNEL FILES (NO. 419)

As a follow-up to a prior audit, we performed an inspection of the security over personnel
files maintained by the Office of Human Resources (OHR).
We found that OHR had taken
several steps to improve security over the files, including relocating the file room, installing
a cipher lock, and limiting access to the file room.

We recommended several additional steps, including guidance on signing-out and
safeguarding files in use, periodic inventories of files, and storing certain records
electronically.


FISMA 2006 (NO. 425)

We hired a contractor to assist us in the annual evaluation of Commission IT security
under the Federal Information Security Management Act (FISMA). The evaluation found
that the Commission has continued to make progress in developing a mature information
security program, and has addressed many security vulnerabilities identified in prior
assessments. Overall, we no longer consider IT security to be a significant problem at the
Commission.

We recommended improvements in developing the inventory of major systems, the
certification and accreditation process, the tracking of security weaknesses, and the
documentation of systems.


PRIVACY ACT QUESTIONNAIRE (NO. 426)

The FISMA contractor also helped us complete a data collection (DCI) instrument prepared
by the Inspector General community (through the PCIE/ECIE). The DCI’s purpose was to
assess agency compliance with OMB requirements for securing sensitive data (i.e.,
personally identifiable information protected by the Privacy Act) described in OMB
memorandum M-06-16, issued June 23, 2006. This memorandum responded to numerous
incidents involving the compromise or loss of sensitive personal information by Federal
agencies.

Based on our evaluation, we observed that the Commission has not yet fully implemented
the OMB requirements.
However, the Commission’s Privacy Office and the Office of
Information Technology are taking steps to comply by implementing additional controls and
developing a policy on securing Privacy Act information.


LAW STUDENT OBSERVER PROGRAM (G-444)

Unpaid interns who are not U.S. citizens work at the Commission through the Law Student
Observer Program. During an investigation, we identified needed improvements in the
selection process for these interns, and in determining what access they are given to
Commission information and databases.

We recommended that the Office of the Executive Director (in consultation with affected
offices) consider performing additional background and conflict of interest checks for these
interns. We also recommended that the OED determine what access, if any, they should be
given to non-public Commission information.


PENDING EVALUATIONS

The following evaluations were pending at the close of the semi-annual period (September
30, 2006):

No. 405 IT Management in Enforcement
No. 416 Staff Interpretative Guidance
No. 417 Systems Security Evaluation—Blue Sheet System
No. 420 Office of Risk Assessment
No. 421 Investment Company Filing Initiatives
No. 422 FOIA Backlog
No. 423 Enforcement Performance Management
No. 424 Systems Security Evaluation—STARS
No. 427 DynCorp Contract—Detailed Review


Investigative Program

Five investigations were closed during the period. One subject was referred to the
Department of Justice, which declined prosecution. Three subjects were referred to
Commission management. One of these subjects, a contract employee, was removed from
the contract.
One subject referred during the prior semi-annual period was suspended for
four days; another subject referred during the prior period was counseled and required to
attend facilitation. Six subjects referred during this period and prior semi-annual periods
are awaiting disposition.

The most significant cases closed during the period are described below.


VIOLATION OF RULE REGARDING SECURITIES TRANSACTIONS

An Office investigation developed evidence that a staff member purchased securities in
violation of the Commission’s rule governing employee security transactions and failed to
comply with the rule’s reporting requirements. We also found evidence that some of the
employee’s securities purchases created an appearance of impropriety and that the
employee did not consistently and accurately report financial assets on the Office of
Government Ethics confidential financial disclosure form. The Department of Justice
declined prosecution, and administrative action is pending.


BREACH OF CONFIDENTIALITY REQUIREMENT

An investigation found evidence that a Commission contract employee violated the terms of
the contract by discussing in a public setting non-public information learned through the
contractor’s work at the Commission. The contract employee admitted and apologized for
the disclosures. At the commencement of our investigation, the employee was removed
from the contract. The employee will not be allowed to return to work at the Commission.


UNAUTHORIZED DISCLOSURE

The Office investigated concerns that an intern working at the Commission may have
disclosed non-public Commission information to unauthorized persons.
The investigation
found insufficient evidence of improper disclosures of non-public information by the intern.


Significant Problems

No new significant problems were identified during the period.


Significant Problems Identified Previously

FINANCIAL MANAGEMENT SYSTEMS CONTROLS

An OIG contractor completed an audit of Commission financial management systems
controls during a prior period (Audit No. 362). The audit found that Commission financial
management controls for fiscal year 2002 were effective in all material respects, based on
criteria established under the Federal Managers Financial Integrity Act, except for three
material weaknesses and one material non-conformance.

The exceptions concerned property accountability, accounting and control of disgorgements,
information system and security program controls, and the Disgorgement and Penalties
Tracking System. We reported that, taken together, these financial management
exceptions were a significant problem for the Commission. Management concurred with
our recommendations to strengthen these financial controls, and promptly began to take
actions to correct the weaknesses.

The Government Accountability Office (GAO) performed the audit of the Commission’s
financial statements for fiscal years 2004 and 2005. The audits found that the Commission
has made significant progress in building a financial reporting structure for preparing
financial statements for audit.

GAO also found that the SEC property account balance was below the threshold for
materiality; as a consequence we removed property accountability as an element of this
significant problem.
However, GAO identified material internal control weaknesses in
preparing financial statements and related disclosures, recording and reporting
disgorgements and penalties, and information security, which became the basis for this
significant problem.

During its ongoing audit of the Commission’s fiscal year 2006 financial statements, GAO
indicated that it no longer considers information security to be a material weakness, based
on the corrective actions to date. It has not yet indicated whether the preparation of
financial statements and recording and reporting of disgorgements and penalties still
constitute material weaknesses.


INFORMATION TECHNOLOGY MANAGEMENT

Since April 1996, we have reported information technology (IT) management as a
significant problem based on weaknesses identified by several audits, investigations, and
management studies. Significant IT weaknesses included information systems security; IT
capital investment decision-making; administration of IT contracts; IT project
management; enterprise architecture management; strategic management of IT human
capital; and management of software licenses.

We no longer consider information systems security to be an element of this significant
problem, based on our fiscal year 2006 FISMA evaluation and GAO’s ongoing audit of the
Commission’s fiscal year 2006 financial statements. The Office of Information Technology
(OIT) indicated that it has continued to strengthen the management of Commission IT
during this reporting period.
OIT expects that IT management will no longer be a
significant problem by the end of fiscal year 2007.

Although OIT continues to take actions to correct the identified IT weaknesses, we still
consider IT management to be a significant problem at this time. We intend to continue
our oversight of this area.


Access to Information

The Office of Inspector General has received access to all information required to carry out
its activities. No reports to the Chairman, concerning refusal of such information, were
made during the period.


Other Matters

EXTERNAL COORDINATION

The Office actively participates in the activities of the Executive Council on Integrity and
Efficiency (ECIE). The Inspector General attends ECIE meetings, is an active member of
its Financial Institutions Regulatory Committee, and serves as the ECIE member on the
Integrity Committee (established by Executive Order No. 12993).

The Deputy Inspector General is an active member of the Federal Audit Executive Council
(FAEC). The FAEC considers audit issues relevant to the Inspector General community.

The Associate Inspector General for Investigations/Counsel to the Inspector General and
the Associate Counsels are active members of the PCIE Council of Counsels. The Council
considers legal issues relevant to the Inspector General community.


PEER REVIEW

The Office of Inspector General of the Corporation for Public Broadcasting completed a peer
review of the Office’s audit function during the period. The review found that the audit
function complied with generally accepted government auditing standards.
As a result of
the review, we made several changes to our Audit and Inspection Manual to enhance our
audit quality control system.

In the next semi-annual period (the first half of fiscal year 2007), the Office of Inspector
General of the Equal Employment Opportunity Commission is scheduled to perform a peer
review of the Office’s investigative function.


REVIEW OF LEGISLATION AND REGULATIONS

The Office reviewed existing and proposed legislation and regulations relating to the
programs and operations of the Commission, pursuant to the Inspector General Act of 1978,
as amended. We tracked both legislation and regulations by researching relevant
documents and databases, including lists prepared by the IG community and the
Commission's Office of General Counsel. Our independent assessments focused on the
impact on the economy and efficiency of, and the prevention and detection of fraud and
abuse in, programs and operations administered by the Commission. In addition, statutes
and regulations were reviewed within the context of audits and investigations (e.g., the
impact of the Federal Information Security Management Act on Commission operations).

Among the legislation we assessed was the “Credit Rating Agency Reform Act of 2006” (S.
3850). This act streamlines the current process for designating credit rating firms and
gives the Commission new power to inspect and to discipline rating firms. The Office did
not provide any comments. We also had no comments on any of the proposed or final rules
issued by the Commission.

We provided comments to the Government Accountability Office on proposed changes to the
Government Auditing Standards.
We also reviewed the Commission's network log-in
banner and recommended that it be revised to comply with Department of Justice guidance.
The Commission implemented our suggestions.


Questioned Costs

                                                                 DOLLAR VALUE (IN THOUSANDS)
                                                                 UNSUPPORTED     QUESTIONED
                                                       NUMBER       COSTS          COSTS
A          For which no management decision has
           been made by the commencement of the
           reporting period                              0            0              0

B          Which were issued during the reporting
           period                                        0            0              0

           Subtotals (A+B)                               0            0              0

C          For which a management decision was
           made during the reporting period              0            0              0

    (i)    Dollar value of disallowed costs              0            0              0

    (ii)   Dollar value of costs not disallowed          0            0              0

D          For which no management decision has
           been made by the end of the period            0            0              0

           Reports for which no management
           decision was made within six months
           of issuance                                   0            0              0


Recommendations That Funds Be Put To Better Use

                                                                   DOLLAR VALUE
                                                       NUMBER     (IN THOUSANDS)
A          For which no management decision has
           been made by the commencement of the
           reporting period                              0              0

B          Which were issued during the reporting
           period                                        0              0

           Subtotals (A+B)                               0              0

C          For which a management decision was
           made during the period                        0              0

    (i)    Dollar value of recommendations that
           were agreed to by management                  0              0

           - Based on proposed management action         0              0

           - Based on proposed legislative action        0              0

    (ii)   Dollar value of recommendations that
           were not agreed to by management              0              0

D          For which no management decision has
           been made by the end of the reporting
           period                                        0              0

           Reports for which no management
           decision was made within six months
           of issuance                                   0              0


Reports with No Management Decisions

Management decisions have been made on all audit reports issued before the beginning of
this reporting period (April
1, 2006).


Revised Management Decisions

No management decisions were revised during the period.


Agreement with Significant Management Decisions

The Office of Inspector General agrees with all significant management decisions regarding
audit recommendations.


MANAGEMENT RESPONSE OF
THE SECURITIES AND EXCHANGE COMMISSION
ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL
FOR THE PERIOD APRIL 1, 2006 THROUGH SEPTEMBER 30, 2006


Introduction

The Semiannual Report of the Inspector General (IG) of the Securities and Exchange
Commission (SEC) was submitted to the Chairman on October 31, 2006 as required by the
Inspector General Act of 1978, as amended. The report has been reviewed by a member of the
Executive Staff, as well as the Executive Director, General Counsel, and Director of the Division
of Enforcement. The Management Response is based on their views and consultation with the
Chairman.

The Management Response is divided into four sections to reflect the specific requirements
listed in Section 5(b) of the Inspector General Act of 1978, as amended.

Section I
Comments Keyed to Significant Sections of the IG Report

A.    Audit Program

      During the reporting period, the IG issued five audit reports, one inspection report, two
      special project reports, and one investigative memorandum on management issues. The IG
      also completed one survey. Management generally concurred with the findings and
      recommendations in the IG’s reports.

      In addition to audits performed by the agency’s IG, the Government Accountability Office
      (GAO) actively reviewed program and administrative functions of the SEC.
      A complete
      listing of all GAO audit activity involving the SEC is attached as Appendix A.

B.    Response to Significant Problems

      No new significant problems were identified by the IG during this reporting period.

C.    Response to Significant Problems Previously Identified

      Financial Management System Controls

      As in prior years, the Inspector General’s report provides a description of the financial
      management system control weaknesses identified during an OIG contractor’s audit and
      subsequent GAO audits. During the 2006 financial statement audit, GAO reviewed the
      corrective actions taken by the SEC to resolve the material weaknesses in this area and
      determined that financial management system controls are no longer a material weakness.
      The following is a description of corrective actions taken to improve controls in this area.

   •   Financial Statement Preparation Process. In 2006, the SEC made substantial
       progress in improving its financial management system controls. Among other
       initiatives, the agency’s Office of Financial Management completed documentation
       of key policies and procedures for financial reporting; improved documentation of
       the audit trail between general ledger accounts and the financial statements, prepared
       interim financial statement notes, and added key staff. In addition, the office
       formalized the membership, procedures, and responsibilities of the Financial
       Management Oversight Committee.

   •   Recording and Reporting of Disgorgement and Penalties.
       The SEC took a number
       of important steps to ensure the integrity of enforcement-related disgorgement and
       penalty data: the Enforcement Division completed a comprehensive Delinquent
       Debt Project, the agency introduced new controls over the recording of enforcement
       receivables, and the agency completed the design of a new financial management
       system for tracking disgorgement and penalties that will replace the financial portion
       of the Division’s existing case tracking system.

      Information Resources Management

      During this reporting period, the Office of Information Technology (OIT) significantly
      improved the underlying management controls and overarching policies and procedures
      governing the management of information technology. OIT satisfied a total of 87 audit
      recommendations in fiscal 2006, addressing the need to establish and implement a body of
      management controls, policies and procedures related to IT capital investment
      decision-making, administration of IT contracts, IT project management, enterprise
      architecture management, strategic management of IT human capital, and management of
      software licenses.

      With respect to IT security, the SEC improved this area to the point where the IG no longer
      considers it a component of this significant problem. The SEC implemented a wide variety
      of new policies and procedures governing the assessment and management of information
      security risk. These procedures include comprehensive approaches for identifying security
      risk; configuring, testing, and monitoring information systems; incident response; remedial
      action tracking; and many other areas. The SEC also completed the certification and
      accreditation of its major systems, and conducted awareness training for 99 percent of SEC
      staff.
The SEC also established and tested its disaster recovery and business continuity
plans in accordance with recommendations from previous years.

Although some additional work remains to be completed to adequately address some
aspects of the IG’s continuing concerns, OIT is currently working with the Inspector
General to jointly assess the remaining elements of the significant problem.

Given the continuous attention, progress and improvements made by OIT to establish,
implement, and enforce effective IT management policies and controls, the SEC’s Chief
Information Officer anticipates resolving this significant problem in fiscal 2007.

D.   IG Recommendations Concerning Use of Funds

     None.

E.   Reports with No Management Decisions

     Management decisions have been made on all audits issued prior to the beginning of the
     reporting period (April 1, 2006).

F.   Revised Management Decisions

     No management decisions were revised during the reporting period.


SEC Management Response to
Semiannual IG Report
April 1, 2006 – September 30, 2006


                              SECTION II
                            Disallowed Costs
                        As of September 30, 2006

                                                                Dollar Value
                                                      Number   (in thousands)

A.     For which final action has not been taken
       by the commencement of the reporting period       0           $0

B.     On which management decisions were made
       during the reporting period                       0           $0

       (Subtotal A+B)                                    0           $0

C.     For which final action was taken during
       the reporting period                              0           $0

       (i)    Recovered by management                    0           $0

       (ii)   Disallowed by management                   0           $0

D.     For which no final action has been taken
       by the end of the reporting period                0           $0


                              SECTION III
                        Funds Put to Better Use
                          As of April 1, 2006

                                                                Dollar Value
                                                      Number   (in thousands)

A.     For which final action has not been taken
       by the commencement of the reporting period       0           $0

B.     On which management decisions were made
       during the reporting period                       0           $0

C.     For which final action was taken during
       the reporting period:

       (i)    Dollar value of recommendations that
              were agreed to by management               0           $0

       (ii)   Dollar value of recommendations that
              management has subsequently concluded
              should/could not be implemented or
              completed                                  0           $0

D.     For which no final action has been taken
       by the end of the reporting period                0           $0


                              SECTION IV
                  Open Audit Reports Over One Year Old
                        As of September 30, 2006

                                                 Funds Put to
                                                 Better Use      Questioned Costs
Audit # Audit Title                  Issued      (in thousands)  (in thousands)    Reason Final Action Not Taken

220     IRM Planning and Execution   3/26/1996   $0              $0                An overarching policy framework has been
                                                                                   implemented, which addresses all aspects of
                                                                                   IT management. A major initiative is underway
                                                                                   to publish all remaining IT-related policies
                                                                                   in 2007.

320     General Computer Controls    12/26/2000  $0              $0                The recommendations are being addressed as
                                                                                   part of the remediation efforts underway as a
                                                                                   result of the audits of SEC’s financial
                                                                                   statements.

337     IT Project Management        1/24/2002   $0              $0                See explanation for audit #220.

353     Regional Telecommunications  8/20/2002   $0              $0                An inventory of voice and circuit data is
        Security                                                                   ongoing and expected to be completed in the
                                                                                   first quarter of fiscal 2007.

365     IT Capital Investment        3/29/2004   $0              $0                The draft IT Capital Planning Committee
        Decision-making Followup                                                   Charter is being revised due to a shift in
                                                                                   its mission.

371     Small Business Reg D         3/31/2004   $0              $0                The two remaining recommendations are being
        Exemption Process                                                          addressed as part of a rule-making
                                                                                   initiative. A process has been worked out to
                                                                                   coordinate development of the rule proposals
                                                                                   with state securities regulators.

376     Telephone Card Program       11/17/2003  $0              $0                See explanation for audit #220.

377     Lost and Stolen Securities   3/31/2004   $0              $0                Several Commission releases are expected to
        Program                                                                    be revised. In addition, a process is being
                                                                                   created for managing non-SEC developed
                                                                                   applications.

380     IT Contractor Billings       1/10/2005   $0              $0                Some policies are being changed in
                                                                                   conjunction with the automated procurement
                                                                                   system currently being implemented.

383     Targeting IA/IC Compliance   9/29/2004   $0              $0                Most of the recommendations have been
        Examinations                                                               implemented. Various options are being
                                                                                   explored to meet the spirit and intent of the
                                                                                   remaining open recommendations.

393     Software Management                      $0              $0                Policies and procedures are expected to be
                                                                                   published in 2007. In addition, work is
                                                                                   underway to identify performance metrics for
                                                                                   monitoring and follow-up on software
                                                                                   licensing information.

394     Targeting B/D Compliance     9/22/2005   $0              $0                Efforts are underway to enhance the
        Examinations                                                               broker-dealer targeting process and to
                                                                                   develop a risk rating system.

395     Integrity Program—           5/31/2005   $0              $0                The draft employee handbook is being
        Inspection of Field Offices                                                reviewed.

402     Office of the Secretary      9/20/2005   $0              $0                Policies have been drafted and will be issued
                                                                                   in 2007.

406     Federal Information Security 9/28/2005   $0              $0                E-authentication risk assessments are being
        Management Act—2005                                                        conducted for systems remotely authenticating
                                                                                   users over the network. The expected
                                                                                   completion date is March 2007.

409     Certification and                        $0              $0                The system’s security and disaster recovery
        Accreditation of ACTS+                                                     plans are being updated. The expected
                                                                                   completion date is March 2007.

411     Security Certification and   9/30/2005   $0              $0                The general support system certification and
        Accreditation Process                                                      accreditation is being updated. The updated
                                                                                   certification and accreditation will be used
                                                                                   to reassess the security test and evaluations
                                                                                   of the SEC’s 12 major applications already
                                                                                   accredited. The expected completion date is
                                                                                   March 2007.


                              APPENDIX A

           Government Accountability Office Audit Activity
          Involving the Securities and Exchange Commission


Reports Issued During the Reporting Period

1.   Internal Control: Improvements Needed in SEC’s Accounting and Financial
     Reporting Procedures (GAO-06-459R, Mar. 2006)

2.   Sarbanes-Oxley Act: Consideration of Key Principles Needed in Addressing
     Implementation for Smaller Public Companies (GAO-06-361, Apr. 2006)

3.   Personnel Practices: Conversion of Employees from Noncareer to Career Positions
     May 2001-April 2005 (GAO-06-381, May 2006)

4.   Personal Information: Key Federal Privacy Laws Do Not Require Information
     Resellers to Safeguard All Sensitive Data (GAO-06-674, June 2006)

5.   Financial Restatements: Update of Public Company Trends, Market Impacts, and
     Regulatory Enforcement Activities (GAO-06-678, June 2006)


Projects Active as of September 30, 2006

1.   Hedge Funds and Related Federal Regulatory Oversight (250313). A review of the
     risks and regulatory framework of hedge funds.
     Issues to be addressed include the
     evolution of the hedge fund industry in terms of growth, investment strategies and
     fee structures; SEC oversight of hedge funds and financial regulators’ oversight of
     counterparties; disclosure requirements; potential implications of ERISA
     amendments related to hedge funds; and the applicability of legislative reforms
     suggested by the President’s Working Group after Long Term Capital Management.
     In addition to the SEC, GAO will be conducting the audit work at the Department of
     Labor, Commodity Futures Trading Commission, Federal Reserve, Office of the
     Comptroller of the Currency, Federal Deposit Insurance Corporation, and Office of
     Thrift Supervision.

2.   SEC Oversight of Corporate Governance Ratings (250312). A review of the SEC’s
     oversight of firms that provide proxy advisory services and corporate governance
     ratings. GAO will focus on (1) the structure and operations of these firms,
     particularly with respect to the potential for conflicts of interest; (2) the extent to
     which the methodologies used by these firms to issue ratings and proxy
     recommendations are transparent; (3) the extent to which competition exists in the
     industry; (4) the impact these firms have, if any, on proxy voting; and (5) the extent
     of any other related SEC actions involving these firms.

3.   Credit Derivatives (250310). A review of the use of information technology systems
     in the credit derivatives markets. GAO will determine: (1) the extent to which major
     dealers are using IT systems to manage their operational risk in connection with their
     credit derivative transactions, (2) the extent to which financial regulators are
     overseeing the operational risk faced by major dealers in connection with their credit
     derivatives transactions, and (3) actions that industry associations and clearing
     organizations are taking to improve IT systems to reduce operations risk.

4.   Pay and Performance Systems (450460/450492). A review of pay and performance
     systems at the SEC and other federal financial regulatory agencies. For each of these
     agencies, GAO will examine the extent to which their pay and performance
     management systems are aligned with key practices important for effective
     performance management.

5.   NCUA Corporate Governance (250302). A review of the National Credit Union
     Administration’s policies and procedures regarding the composition and professional
     background of NCUA’s Board members and senior staff as it relates to independence
     and objectivity issues. GAO intends to talk with SEC about the Commission and its
     senior staff, to identify best practices regarding policies and procedures related to
     independence and objectivity.

6.   EBSA’s ERISA Enforcement (130532). A study to assess the capability of the Labor
     Department’s Employee Benefits Security Administration to enforce pension laws.
     Among other things, GAO will examine what promising enforcement practices and
     strategies agencies such as SEC and the IRS use that may be applicable to EBSA’s
     enforcement efforts.

7.   Pension Plan Asset Management (130554). A study of the potential conflicts that
     may exist involving investment managers and the effects these conflicts may have
     had on recent problems in plan underfunding.

8.   Basel II Capital Accord (250291). A review of the potential impact of the
     implementation of Basel II on the U.S. financial system and the proposed revisions to
     current reserve requirement regulations for non-Basel II banks.

9.   Consolidated Supervision (250258). A study of the policies and procedures of the
     various agencies engaged in consolidated supervisory responsibilities for financial
     institutions to determine how and why they differ, the effectiveness of consolidated
     supervision and the extent to which agencies seek to improve its effectiveness by
     identifying and adopting “best practices”, and the implications of any duplication of
     resources caused by having various regulatory bodies engaged in overseeing similar
     activities.

10.  Financial Markets Preparation Follow-on (250285). A review of the progress made
     by U.S. financial regulators and market participants to increase their security and
     resiliency against attacks or other disasters, as well as to follow-up on issues and
     recommendations made from GAO’s prior reports.

11.  Financial Literacy (250276). A review of the Financial Literacy and Education
     Commission’s (1) national strategy and (2) activities to promote financial literacy
     and coordinate federal efforts in this area.

12.  FY 2006 SEC Financial Statement Audit (194571). An audit of the SEC’s 2006
     financial statements. GAO will (1) express an opinion on whether the SEC’s fiscal
     year 2006 financial statements are fairly presented, in all material respects, in
     conformity with U.S. generally accepted accounting principles, (2) express an
     opinion on whether SEC’s internal controls provided reasonable assurance that
     losses, noncompliance or misstatements material in relation to the statements would
     be prevented or detected on a timely basis, and (3) report on SEC compliance with
     selected provisions of laws and regulations.

13.  PUHCA (360719). A study of FERC’s efforts to assume responsibilities for
     protecting consumers and investors previously under the jurisdiction of the SEC.
     GAO plans to describe differences in state’s authority to regulate utility affiliates.
     GAO plans to meet with SEC to discuss any transition issues and concerns.

14.  CFTC Oversight (250256) and Natural Gas Prices (360659). The first assignment is
     a review of the CFTC’s oversight of futures trading in energy. The second
     assignment is a review of the factors that affect natural gas price volatility—
     particularly those driving today’s higher prices—and the federal government role in
     ensuring that prices are determined in a competitive market. Although SEC is not the
     focus of these studies, GAO will meet with SEC to discuss: (1) the SEC’s equities
     market surveillance, and (2) SEC’s staff report entitled, “Implications of the Growth
     of Hedge Funds in September 2003,” and how the role played by hedge funds in the
     financial markets has changed.

15.  World Peak Oil Production (360601). A review of the available data and estimates
     of world oil reserves, oil production and oil consumption, as well as government and
     private studies predicting the date of world peak oil production. GAO’s contact with
     SEC focuses on SEC guidelines and definitions for accurate disclosures of proved oil
     reserves in SEC filings.
"